BACKPORT: mm: ASLR: use get_random_long()

Replace calls to get_random_int() followed by a cast to (unsigned long) with calls to get_random_long(). Also address shifting bug which, in case of x86 removed entropy mask for mmap_rnd_bits values > 31 bits. Signed-off-by: Daniel Cashman <dcashman@android.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: David S. Miller <davem@davemloft.net> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Nick Kralevich <nnk@google.com> Cc: Jeff Vander Stoep <jeffv@google.com> Cc: Mark Salyzyn <salyzyn@android.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 5ef11c3) Signed-off-by: Andrew Bresticker <abrestic@chromium.org> BUG=b:27704619 TEST=Build and boot on Smaug. Change-Id: If4165f1a6c47e8509354a9908d1351a45415d7d7 Reviewed-on: https://chromium-review.googlesource.com/336855 Reviewed-by: Andrew Bresticker <abrestic@chromium.org> Commit-Queue: Andrew Bresticker <abrestic@chromium.org> Tested-by: Andrew Bresticker <abrestic@chromium.org>
mariux64 · Apr 1, 2016 · 8eb38aa · 8eb38aa
1 parent f12bae1
commit 8eb38aa
Show file tree

Hide file tree

Showing 8 changed files with 14 additions and 14 deletions.
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
@@ -175,7 +175,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
 
 	if ((current->flags & PF_RANDOMIZE) &&
 	    !(current->personality & ADDR_NO_RANDOMIZE))
-		random_factor = (get_random_int() & ((1 << mmap_rnd_bits) - 1)) << PAGE_SHIFT;
+		random_factor = (get_random_long() & ((1UL << mmap_rnd_bits) - 1)) << PAGE_SHIFT;
 
 	if (mmap_is_legacy()) {
 		mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;

diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c
@@ -54,10 +54,10 @@ static unsigned long mmap_rnd(void)
 	if (current->flags & PF_RANDOMIZE) {
 #ifdef CONFIG_COMPAT
 		if (test_thread_flag(TIF_32BIT))
-			rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);
+			rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
 		else
 #endif
-			rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+			rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 	}
 	return rnd << PAGE_SHIFT;
 }

diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
@@ -147,7 +147,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
 	unsigned long random_factor = 0UL;
 
 	if (current->flags & PF_RANDOMIZE) {
-		random_factor = get_random_int();
+		random_factor = get_random_long();
 		random_factor = random_factor << PAGE_SHIFT;
 		if (TASK_IS_32BIT_ADDR)
 			random_factor &= 0xfffffful;
@@ -166,7 +166,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
 
 static inline unsigned long brk_rnd(void)
 {
-	unsigned long rnd = get_random_int();
+	unsigned long rnd = get_random_long();
 
 	rnd = rnd << PAGE_SHIFT;
 	/* 8MB for 32bit, 256MB for 64bit */

diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
@@ -1633,9 +1633,9 @@ static inline unsigned long brk_rnd(void)
 
 	/* 8MB for 32bit, 1GB for 64bit */
 	if (is_32bit_task())
-		rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
+		rnd = (get_random_long() % (1UL<<(23-PAGE_SHIFT)));
 	else
-		rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
+		rnd = (get_random_long() % (1UL<<(30-PAGE_SHIFT)));
 
 	return rnd << PAGE_SHIFT;
 }

diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c
@@ -60,9 +60,9 @@ static unsigned long mmap_rnd(void)
 	if (current->flags & PF_RANDOMIZE) {
 		/* 8MB for 32bit, 1GB for 64bit */
 		if (is_32bit_task())
-			rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
+			rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
 		else
-			rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
+			rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));
 	}
 	return rnd << PAGE_SHIFT;
 }

diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
@@ -264,7 +264,7 @@ static unsigned long mmap_rnd(void)
 	unsigned long rnd = 0UL;
 
 	if (current->flags & PF_RANDOMIZE) {
-		unsigned long val = get_random_int();
+		unsigned long val = get_random_long();
 		if (test_thread_flag(TIF_32BIT))
 			rnd = (val % (1UL << (23UL-PAGE_SHIFT)));
 		else

diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
@@ -72,12 +72,12 @@ static unsigned long mmap_rnd(void)
 	if (current->flags & PF_RANDOMIZE) {
 		if (mmap_is_ia32())
 #ifdef CONFIG_COMPAT
-			rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);
+			rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
 #else
-			rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+			rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 #endif
 		else
-			rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+			rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 	}
 	return rnd << PAGE_SHIFT;
 }

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
@@ -558,7 +558,7 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
 
 	if ((current->flags & PF_RANDOMIZE) &&
 		!(current->personality & ADDR_NO_RANDOMIZE)) {
-		random_variable = (unsigned long) get_random_int();
+		random_variable = get_random_long();
 		random_variable &= STACK_RND_MASK;
 		random_variable <<= PAGE_SHIFT;
 	}